Protect Your Brand

There’s been quite a bit of media coverage on fraudulent applications being submitted to well-ranked universities, particularly coming from overseas
students. This entails applicants cheating on various aspects of admission requirements,
often using third parties to ghostwrite essays, or by providing false or misleading data.
All of this is a well-known phenomenon to which admissions officers need to apply a filter. What’s less
well known is a problem universities are subjected to at the hands of third-party agents conducting
fake authorizations for prospective overseas students by creating what are called “honeypot” websites.

In brief, how the honeypot scam operates is through a
website that attracts hundreds (sometimes thousands) of
prospective students into a network of fake agents who hold
out the promise of helping them gain admission to prestigious
schools, in exchange for a large fee.

These agents, who mostly operate out of Southeast Asia,
lure in these students, process their applications and charge
them a fee to support the application in terms of academic
accountability and data requirements in addition to all the
overseas documentation and visas that need to be obtained.
So far, so good — there are many legitimate agents out there
who do this confounding paperwork for students wishing
to study overseas. However, with honeypots there’s a catch.
These agents represent themselves online as legitimate representatives
of top universities such as Harvard or Stanford,
when in fact they create fraudulent and brand-infringing
websites that are practically indistinguishable from the real
university’s own website. The university’s logos, colors and
branding are used to create an aura of legitimacy.

From there the scam can go several ways, all of which are
damaging to the university’s brand and reputation. At its
worst, once the fee is received, the honeypot network tells the
student that they’ve processed his application to, say, Harvard,
but that the student “just missed” meeting the requirements
for admission. Of course no application was actually
sent or processed, though the fee was collected. Then the fake
agent secures courses for the students in vocational training
centers, English language courses or other programs — that
have nothing to with the prospective university to which the
students thought they were applying. Often students are sent
off to bogus programs… overseas.

These “stepping stone” institutions differ considerably
from real universities — in many cases, they are accredited
agencies authorized to sort international students, but for
much lesser-known universities. So while sorting them into
these vocational training programs, English courses and
feeder schools, the agency might say that they are representing
Harvard University — so please apply through us.
A prospective student in a country they’re targeting, say,
Malaysia, indicates his wish to go to Harvard University.
He goes to speak to the agent, who takes his money and
tells him, “You didn’t meet the requirements. Here are the
courses you can apply for. You’ve been accepted. Do you
want to go?” In a surprising number of cases, the student
accepts this offer.

So this is the underpinning of the honeypot scam. Sound
complicated? It is. But it’s happening, and it can be a very
effective deception. It has been costing many colleges and
universities a good sum of money in lost tuition and other
revenue, not to mention brand reputation and, potentially,
some excellent candidates who could have attend those institutions.
In these fake authorizations and honeypot schemes,
a number of university brands have been targeted based on
solid global reputation and size — and also on the university’s
demographic, especially in terms of its international
student population.

WHAT IS THE EXTENT OF THE PROBLEM?

It’s my belief that every well-ranked university is a potential
target of this brand-infringing scam. Before coming to
the U.S., I’d worked on this issue with several universities in
Australia. There are many people in Southeast Asia making
a lot of money through defrauding prospective international
students there. But I’m estimating that the problem is some
50 times worse in the U.S., where there are so many more
prestigious colleges and universities that have built a high
value brand for themselves.

The impact on the students is clearly massive — they
are being duped, they are being swindled and they are being
sent to faraway lands with no legitimate landing pad. But
the impact for universities is huge also. While the students
are being lied to, the fraud isn’t just with fake applications
and dashing of expectations. It’s in brand infringement.
And universities are losing revenue as a result. These fake
agents are taking students, attracting them based on the
brand prestige a university has built over the years, and
sending them to places where the students never intended to
go in the first place.

COMBATTING HONEYPOT SCAMS IN REAL TIME

I’d like to outline the approach we had taken to help
Australian universities, as I believe the same principles apply
across the worldwide web.

Honeypot agencies set up an entire fake website, using a
domain name identical or confusingly similar to an authentic
university’s. They register what is called a country code
top-level domain (ccTLD), which is a localized website suffix.
In Malaysia, that would be .my — so online you might see
harvarduniversity.com.my, or yaleuniversity.org.hk (for Hong
Kong). Scammers register in countries where the college
hasn’t secured that domain name. They reproduce a carbon
copy of the university’s website — using HTML structure,
they actually pull the code from the real website and replicate
it to make it look legitimate.

The infringing website contains a combination of content
lifted from the university’s official site and localized, fabricated
content used to attract students from the region. The
fraudsters use official logos, the university’s own images,
and/or images from the country they’re trying to steer the
students to. They also optimize the website in local search
engines.

To show just how far some of these fake agents will go, one
in particular set up an information session in a building that
was right next door to the university being infringed upon.
On one of the websites, we found an announcement that they
were holding an information session on a particular date. We
informed the university, which sent representatives to the
information session. The fake agents had banners, paperwork…
everything ready to go, and they had absolutely no
affiliation with the legitimate university or its website. That’s
how nervy and brazen these scammers can be.

For this university, we scanned the Internet, looking
for all cases of brand infringement — any way that a third
party was using the university’s brand or logo, or its domain
name — and we compared them against the websites of
authorized agents the university knew about. This task gets
into the nitty gritty of how the Internet works — checking
and comparing different ISPs and working with different
organizations around the world that actually get these
websites removed.

All said it was a big project, taking about two years to get
to a more manageable number of fake agents and websites.
In many cases, we were able to get the infringing websites
totally banned and completely lifted from the Internet. Our
work in Australia encompassed a couple of colleges, but the
sheer volume of online cleanup work was enormous. Top U.S.
universities, such as Harvard and Stanford, would need to
deal with multiples of this volume.

WHAT CAN UNIVERSITIES
DO TO COMBAT THE PROBLEM?

The first step for university admissions and marketing
officers is to acknowledge that this online problem exists.
Virtually all of the better universities are, correctly and
understandably, concerned with upholding and protecting
their brand, and virtually all of them are under attack online
in multiple ways. The good news is that there are steps that all
brand holders, including universities, can take against online
fraudsters and brand infringers. This work requires constant
vigilance, and involves putting an online brand protection
plan in place, the end game being to remove fraudulent content
from the online marketplace.

Universities need to take stock of their online brand
presence, including all websites, social media and mobile
components. They can do this by implementing a basic
online brand-monitoring tool that will filter and target the
various threats that are out there. Where are there cracks in
the armor? An initial audit of fraudulent activity on social
media platforms and mobile apps will provide a starting
point. The audit should focus on the key issues that are
most likely to affect your university’s individual brands and
trademarks.

A next step would be to gain an understanding of the most pressing infractions. A balanced scorecard approach enables
strategic decisions to be made based on activity relating to the
most important brands in real time and will enable universities
to focus on the enforcement that makes the most impact.

Then comes the business of taking the scammers down. A
university should have an enforcement program — a toolbox of
mechanisms to get the infringed content removed. It involves
working with social media, the ISPs and web hosts to remove or
disrupt infringing material squatting on websites and social media
platforms in several ways. These include using the platform’s
own reporting mechanism for intellectual property infringements,
using search engine mechanisms to remove links and directly
asking the infringer to take down the fraudulent content.
This combination of actions can be surprisingly effective.

Scammers take advantage of the fact that most colleges
and universities don’t monitor their online presence very consistently
— they’re generally not as on the watch with their
brands as, say, banks are. Every time a bank’s logo gets put
up on the Internet, they know about it instantly. We’ve found
that some of these honeypot websites have been up for a long
time — and all this while, the schools are getting soaked. For
a particularly large problem, taking down the fake websites
can be like an exercise in whack-a-mole. When one site is
taken down, another new one pops up, so it’s necessary to
constantly stay after it.

But the truth it that this is a big money scam. International
student applications and visa and document processing
means revenue — and in these honeypot schemes, that’s lost
revenue for bona fide institutes of higher education. Even as
they engage in the protection of their student populace, it’s
time that they also get protective of their brands.

This article originally appeared in the May 2016 issue of College Planning & Management.